Target’s cybersecurity event may have been preventable

Target Corp.’s widely publicized cybersecurity fiasco this past holiday season resulted in a number of class action lawsuits and general displeasure from the public. That criticism may increase following revelations this week that Target identified the potential threat but neglected to act.

On March 13, the company released additional information on the attack, including word that it had detected the presence of malicious software during the time of the attack but declined to take action against it. While it is unknown whether the attack detected was the same one that stole information from millions of customers, the lapse in action is disconcerting for consumer advocates.

The revelations followed a Bloomberg Businessweek report that said Target’s security team had received notice from FireEye, Inc. security systems on Nov. 30 that an attempted attack had been made. While the attack in question eventually turned out to be part of the massive breach, the alert carried the generic name “malware.binary,” which experts say may have been unremarkable enough to go unaddressed.

Given the sheer volume of attacks that large corporations like Target field on a daily basis, this one did not warrant any additional action.

"Through our investigation, we learned that after these criminals entered our network, a small amount of their activity was logged and surfaced to our team. That activity was evaluated and acted upon. Based on their interpretation and evaluation of that activity, the team determined that it did not warrant immediate follow up," Target spokeswoman Molly Snyder said in a statement.

The new details bring to light the gaps in current enterprise security techniques and show how difficult managing massive volumes of attacks can be. Current regulations do not offer solid guidelines on how cybersecurity operations should work, making accountability and proactivity even more difficult.